package cn.sciento.resource.config;


import cn.sciento.core.oauth.CustomTokenConverter;
import cn.sciento.core.properties.CoreProperties;
import cn.sciento.resource.filter.JwtTokenExtractor;
import cn.sciento.resource.filter.JwtTokenFilter;
import cn.sciento.resource.permission.PublicPermissionOperationPlugin;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import javax.servlet.DispatcherType;

public class ChoerodonResourceServerConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(ChoerodonResourceServerConfiguration.class);
    private final CoreProperties properties;

    public ChoerodonResourceServerConfiguration(CoreProperties properties) {
        this.properties = properties;
    }

    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(new String[]{"/actuator/**"}).antMatchers("/prometheus");
    }

    protected void configure(HttpSecurity http) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl)(((http.headers().frameOptions().disable().and()).httpBasic().disable()).csrf().disable()).authorizeRequests().antMatchers(new String[]{"/monitor/**"})).permitAll();
    }

    @Bean
    public FilterRegistrationBean someFilterRegistration(JwtTokenFilter jwtTokenFilter) {
        String[] pattern = StringUtils.replace(this.properties.getResource().getPattern(), " ", "").split(",");
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(jwtTokenFilter);
        registration.addUrlPatterns(pattern);
        registration.setName("jwtTokenFilter");
        registration.setOrder(2147483647);
        registration.setDispatcherTypes(DispatcherType.REQUEST);
        return registration;
    }

    @Bean
    public JwtTokenExtractor jwtTokenExtractor() {
        return new JwtTokenExtractor();
    }

    @Bean
    public JwtTokenFilter jwtTokenFilter(PublicPermissionOperationPlugin publicPermissionOperationPlugin, JwtTokenExtractor jwtTokenExtractor) {
        return new JwtTokenFilter(this.tokenServices(), jwtTokenExtractor, publicPermissionOperationPlugin.getPublicPaths(), this.properties.getResource().getSkipPath());
    }

    private DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(this.tokenStore());
        return defaultTokenServices;
    }

    private TokenStore tokenStore() {
        return new JwtTokenStore(this.accessTokenConverter());
    }

    private JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setAccessTokenConverter(new CustomTokenConverter());
        converter.setSigningKey(this.properties.getOauthJwtKey());

        try {
            converter.afterPropertiesSet();
        } catch (Exception var3) {
            LOGGER.warn("error.ResourceServerConfiguration.accessTokenConverter {}", var3.getMessage());
        }

        return converter;
    }
}

